Ransomware: Some of the major attacks that hit businesses in 2017

As ransomware ran amok last year, we take a retrospective look at what actually transpired

At the start of 2017, many had already designated 2016 as the ‘year of ransomware,’ and with good reason. According to ISTR’s Special Report on Ransomware and Business, ransomware had “quickly emerged as one of the most dangerous cyber threats facing both organizations and consumers, with global losses now likely running to hundreds of millions of dollars.” At IRONSCALES, we knew it was just the tip of a very nasty sword, so our prediction was that the ransomware problem would get worse in 2017. And we were bang on the money: ransomware dominated the headlines, taking data hostage and demanding money to restore order, while many were left scratching their heads and wondering how they could protect themselves from these attacks.

Here are some of the most significant ransomware attacks that hit businesses in 2017.

1. WannaCry

In May 2017, the WannaCry ransomware targeted systems all over the world, encrypting files and demanding payment of $300 in Bitcoin for retrieval. The attack, propagated through the EternalBlue exploits, targeted organizations that had not applied earlier patches released by Microsoft. The ransomware affected 74 countries, infecting everything from hospitals to businesses and universities, and is believed to have cost around $4 billion in losses.

2. NotPetya

NotPetya exploded onto the scene in June, just months after WannaCry crippled millions across the world. It is understood that NotPetya infected machines by hijacking a software update for a Ukrainian tax software tool, and through phishing emails. Although it demanded $300 in Bitcoin as payment, it is widely believed that NotPetya was used to spread destruction rather than extort money, as minimal effort was put into retrieving the ransom paid by victims to get their files back. The monetary cost of NotPetya hit the billions, not to mention shipping giant Maersk, which reported losses of $300m.

3. Bad Rabbit

October was the month of ‘Bad Rabbit’. The ransomware spread primarily throughout Eastern Europe, even affecting the underground railway system in Kiev, and asked for $280 in Bitcoin for the retrieval of files, less than the ransom demanded during the WannaCry and Petya attacks. Security firm ESET discovered that the ransomware was a new variant of Petya, which wreaked destruction earlier in 2017. Unlike the major attacks earlier in the year, Bad Rabbit used drive-by attacks to spread, and was much smaller in scale.

4. Locky

Locky was first detected in early 2016, and spreads malware through spam, typically through an email. After falling off the radar at the start of 2017, Locky resurfaced with a vengeance in August 2017 and hit out with perhaps its biggest campaign to date: 23 million spam emails were sent over 24 hours. Once a machine is infected, Locky scrambles and renames all important files with the extension .locky, with the attacker holding the decryption key for ransom. In this case, those who fell for the phishing email were in for a nasty shock: criminals held the files to ransom for 0.5 bitcoin, which at the time equated to just over $2300.

With ransomware predicted to grow even more in the coming year, it is crucial to act now, in order to ensure the security of your business and protect against ransomware attacks. One thing is certain – if you have email security that can prevent phishing and spear phishing, then you can prevent ransomware.

IronTraps recognizes the ransomware threat in phishing attacks, and so provides an automatic email phishing response solution to analyze and remediate incoming threats in real time. With on-premise and cloud-based automatic server-side remediation, IRONSCALES can help remove ransomware emails even when a user is offline or not logged in. Federation also allows phishing attack intelligence to be shared anonymously between enterprises and organizations worldwide; this enables businesses to proactively defend their network gateways and endpoints from attacks which are becoming more frequent, and even more sophisticated.
